Digital / Security / Tradecraft (11/20)

U.S. Ambassador to the E.U. Gordon Sondland’s worldview-vitiating testimony about President Trump hoping to trade an official act for a thing of personal value is rightfully crowding out a congressional discussion of whether the calls between President Trump and Sondland constituted a counter-intelligence threat.

Well, yes — they did.

Sondland told Rep. Adam Schiff that his calls with Trump on an unsecure line were unclassified, and, of course, President Trump is the ultimate original classification authority, but national security information does not have to be classified in order to be immensely valuable to adversaries.

Anything a president says in confidence can give an adversary critical policy-making insight, and Russia , in particular, would gobble up every bit of intelligence about U.S. intentions vis-a-vis the Ukraine, but Russia is at war with the Ukraine. Assuming that Russia’s foreign intelligence service has access to Ukraine’s cellular phone switching systems, which the U.S. believes to be the case, obtaining critical intelligence could be as easy as figuring out Sondland’s cell phone number, which any journalism student anywhere could do.

Intercepting the content of e-mails or calls made over encrypted apps would be more difficult. Ukraine, along with China and Russia, are not places where U.S. officials should be discussing ANY diplomatic business on their personal cell phones, period.

Elsewhere today….

There’s evidence that senior FBI officials do not have a good sense of how to appropriately hide their personal text messages, AND/OR don’t know the difference between SMS messaging and secure messaging — AND/OR don’t know how to clear their caches / AND/OR forget to not back up those messages to their clouds.

White hat hackers discovered another deep operating system flaw that could have allowed attackers to access virtually every part of an Android phone’s sensors (cameras, microphones, magnetometers), even when those assets weren’t being accessed by a user.

An attacker could silence the camera shutter to hide the fact that it was recording video and photos without consent. These actions could even be taken when the malicious app was closed, with the screen off and the phone locked.

The flaw also gave an attacker access to stored media on a device, as well as the GPS data on photos and videos in its library. And it allowed an app developer to eavesdrop on both sides of a phone conversation and record audio.